07-02-2009, 08:58 PM
|
#1 (permalink)
|
|
The Contributor
Join Date: May 2009
Location: LA, CA
Posts: 87
Thanks: 0
|
Captcha
I just read a thread about this so I guess it's alright to talk about its specifics on making your own here on this section, I think.
Like, anything that you should look out for when using it?
And why are the images usually distorted, is this really necessary? Is it to prevent text recognition software on images? Sometimes they're really hard to read, and sometimes I have to reload the captcha more than 5 times.
Wikipedia says it's a type of challenge-response test used in computing to ensure that the response is not generated by a computer.
I tried writing my simple first attempt at this a few weeks ago on a test page. What I did was:
- Created jpeg files for every letter and gave them numeric filenames.
- I then generate 8 random numbers within the limits of the filenames and display the corresponding images. I also assemble the captcha string using those, converting the numbers into letters.
- Then I let JavaScript compare the user input and the captcha string; if it matches it proceeds, if not it gives you a popup error message. If you disable JS and try to submit, it won't submit.
I'm thinking of a different way of doing it, like instead of JavaScript, I'll validate it on the next page using PHP. But won't that beat the point? Isn't this meant to stop things on the page where it's at and let the other security measures handle the rest on the next page?
Also, maybe if JS is off, tell the user to turn it on if I'm keeping it in JS?
|
|
|
|
07-02-2009, 09:07 PM
|
#2 (permalink)
|
|
The Addict
Join Date: Jun 2008
Posts: 335
Thanks: 2
|
You should never use JS to validate things from the user; it's only for stylistic uses. But when you let them submit with the captcha, the point is to validate the captcha before anything. The distorted images are to prevent automated OCR-capable bots from guessing your captcha also. I always use reCaptcha for all my captcha needs.
|
|
|
|
07-02-2009, 09:28 PM
|
#3 (permalink)
|
|
The Contributor
Join Date: May 2009
Location: LA, CA
Posts: 87
Thanks: 0
|
Well, yes, that's what I was thinking of in a way ~ before anything else, including before you can even touch the next page. But I know it's not really ideal for the said reasons...
Ok, then what about:
You keep them both. You leave the JS just for the convenience of the user, to let them know ahead of time if what they typed is right before submitting, then PHP will check it again on the next page.
|
|
|
|
07-02-2009, 09:46 PM
|
#4 (permalink)
|
|
The Addict
Join Date: Jun 2008
Posts: 335
Thanks: 2
|
Well, JS shouldn't be able to verify your captcha lest you make a call to your server to verify.
|
|
|
|
07-02-2009, 09:58 PM
|
#5 (permalink)
|
|
The Contributor
Join Date: May 2009
Location: LA, CA
Posts: 87
Thanks: 0
|
The way I did it, JS will have something to compare it to since I'm echoing the string directly to the JavaScript function that checks it. Or this is stupid since if... you can write a program that recognizes text from an image you can, I guess, just locate it within the page, which is in plain text form...?
I can make a call to the server too with JS and make the check there.
Well, I really am considering the no-JavaScript version. I'll try that on my next version of it along with the other things.
I looked for a live version and tried saving the image. It just has a uniform name and it's just one file, image.jpg. Is it possible to create or assemble a single image from multiple images using PHP? Or it's just a single image file really that's like cloned then renamed? I'll try to look for a way on how to make such a thing...
ADD:
I found something on how to create images using PHP, I'll try it when I get home.
Last edited by cecilia : 07-03-2009 at 01:30 AM.
|
|
|
|
07-03-2009, 03:42 AM
|
#6 (permalink)
|
|
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
|
Never let javascript even have a hand in any validation you don't want completely bypassed. Your method to send to the server and have it send back has two problems:
1. Javascript can be modified on pages, they can modify it to always return yes
2. The HTTP call javascript makes can be intercepted (so it never actually gets out) and forged (so the script thinks it all worked).
I've never made a system that does this, but off the top of my head this is how I would do it:
1. Start.php
- Creates a row in the database with a random confirmation string. This row has another randomly generated ID string (called aID).
- Sets a hidden field with the value of aID.
- Calls image.php to generate an image with that associated ID.
- Has a text field to enter the string in.
2. image.jpg
- Actually a PHP script; mod_rewrite or server MIME types (telling the server to process the jpg as a PHP file) are used to create this effect. aID will be in the GET data, it goes into the database and returns the image form of the string.
3. Process.php
- Takes the associated ID from the hidden form and compares its confirmation string to the user input. If they match they are through, otherwise return the error.
Other tasks:
1. Delete unconfirmed rows that are more than 12 hours old.
2. Delete rapidly generated rows from a single IP or whatever method you use (not foolproof, would require additional storing).
|
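The server-side flow outlined in post #6 above, as an added example that is not part of the thread or any poster's code: the answer lives only in the database, the page carries only the random ID, and each challenge is deleted on its first check so a failed guess cannot be retried. Function and table names and the in-memory SQLite store are assumptions, image rendering is left out, and it needs PHP 7.1+ with pdo_sqlite.

```php
<?php
// Added example, not code from the thread. Table/function names and the
// in-memory SQLite store are assumptions for illustration.
const CAPTCHA_TTL = 12 * 3600; // unconfirmed rows expire after 12 hours

function captcha_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE captcha (aid TEXT PRIMARY KEY, answer TEXT NOT NULL, created INTEGER NOT NULL)');
    return $db;
}

// Start.php step: store a random answer under a random ID; only the ID goes in the hidden field.
function captcha_issue(PDO $db, int $now): array {
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // skips look-alikes such as O/0 and I/1
    $answer = '';
    for ($i = 0; $i < 8; $i++) {
        $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $aid = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO captcha (aid, answer, created) VALUES (?, ?, ?)')
       ->execute([$aid, $answer, $now]);
    return [$aid, $answer]; // the answer is for the image script only, never echoed as text
}

// Process.php step: fetch by ID, delete the row (single use), then compare on the server.
function captcha_verify(PDO $db, string $aid, string $input, int $now): bool {
    $sel = $db->prepare('SELECT answer, created FROM captcha WHERE aid = ?');
    $sel->execute([$aid]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    $db->prepare('DELETE FROM captcha WHERE aid = ?')->execute([$aid]);
    if ($row === false || $now - (int)$row['created'] > CAPTCHA_TTL) {
        return false; // unknown, already used, or expired challenge
    }
    return hash_equals($row['answer'], strtoupper(trim($input)));
}

// Cleanup task: drop rows older than the TTL; returns how many were removed.
function captcha_purge(PDO $db, int $now): int {
    $del = $db->prepare('DELETE FROM captcha WHERE created < ?');
    $del->execute([$now - CAPTCHA_TTL]);
    return $del->rowCount();
}

$db = captcha_db();
[$aid, $answer] = captcha_issue($db, time());
var_dump(captcha_verify($db, $aid, 'WRONG', time()));   // a wrong guess uses up the challenge
var_dump(captcha_verify($db, $aid, $answer, time()));   // so the same ID cannot be replayed
[$aid2, $answer2] = captcha_issue($db, time());
var_dump(captcha_verify($db, $aid2, $answer2, time())); // fresh challenge, correct answer
```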
|
|
|
07-03-2009, 04:21 AM
|
#7 (permalink)
|
|
The Addict
Join Date: May 2009
Posts: 287
Thanks: 5
|
Don't forget the lovely tutorial hosted on this site which gives you a sample captcha system.
[Tutorial] CAPTCHA
|
|
|
|
07-03-2009, 05:14 AM
|
#8 (permalink)
|
|
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
|
Quote:
Originally Posted by adamdecaf
Don't forget the lovely tutorial hosted on this site which gives you a sample captcha system.
[Tutorial] CAPTCHA
|
A fine method if you want to use sessions. Sessions are unreliable (in my experience) and use up a lot of server resources.
|
|
|
|
07-03-2009, 05:34 AM
|
#9 (permalink)
|
|
The Addict
Join Date: May 2009
Posts: 287
Thanks: 5
|
It's more of an example on how to set up the image, security, randomness, etc...
But yes, sessions are not perfect.
|
|
|
|
07-06-2009, 06:26 PM
|
#10 (permalink)
|
|
The Contributor
Join Date: May 2009
Location: LA, CA
Posts: 87
Thanks: 0
|
That's a useful tutorial for making your own. I'll try the image making section first, I really want to see it in action. Then I'll try to make mine not session dependent somehow?
I tried it; this is what I got in plain text:
‰PNG IHDR‡€IDATxœA 0?U,€‚;•a†daX@†a†daX@†a †daX@†a†daX@†a†daX@†a†daX@ †a†daX@i9NIENDB`‚
I got this instead when I changed it to making a jpeg.
JFIF>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality C $.' ",#(7),01444'9=82<.342C 2!!222222222222222222222222222222222222222222222 22222" ĵ}!1AQa"q2‘#BR$3 br‚ %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ƒ„…†‡ˆ‰Š’“”•–—˜™š ĵw!1AQaq"2B‘ #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvw xyz‚ƒ„…†‡ˆ‰Š’“”•–—˜™š ?(€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€?
I'm probably doing something wrong, I think I'll try again later.
|
|
|
|
07-06-2009, 09:44 PM
|
#11 (permalink)
|
|
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
|
Quote:
Originally Posted by cecilia
That's a useful tutorial for making your own. I'll try the image making section first, I really want to see it in action. Then I'll try to make mine not session dependent somehow?
I tried it; this is what I got in plain text:
‰PNG IHDR‡€IDATxœA 0?U,€‚;•a†daX@†a†daX@†a†daX@†a†da X@†a†daX@†a†daX@†a†daX@Ʋi9NIENDB`‚
I got this instead when I changed it to making a jpeg.
JFIF>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality C $.' ",#(7),01444'9=82<.342C 2!!22222222222222222222222222222222222222222222222 222" ĵ}!1AQa"q2‘#BR$3br‚ %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ ˆ‰Š’“”•–—˜™š ĵw!1AQaq"2B‘ #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz‚ƒ „…†‡ˆ‰Š’“”•–—˜™š ?(€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€ (€?
I'm probably doing something wrong, I think I'll try again later.
|
Don't output it as text, you need to set the MIME type to image/png.
PHP Code:
header("Content-Type: image/png");
|
|
|
|
07-06-2009, 06:56 PM
|
#12 (permalink)
|
|
The Addict
Join Date: May 2009
Posts: 287
Thanks: 5
|
Your server doesn't support making the image (fully). It happens to me on my local server.
|
|
|
|
07-06-2009, 09:36 PM
|
#13 (permalink)
|
|
The Contributor
Join Date: May 2009
Location: LA, CA
Posts: 87
Thanks: 0
|
I ran a check and it seems I support it, sorta:
PHP Code:
foreach (gd_info() as $key=>$val) echo "$key: $val<br />";
GD Version: bundled (2.0.34 compatible)
FreeType Support: 1
FreeType Linkage: with freetype
T1Lib Support:
GIF Read Support: 1
GIF Create Support: 1
JPG Support: 1
PNG Support: 1
WBMP Support: 1
XPM Support: 1
XBM Support: 1
JIS-mapped Japanese Font Support:
|
|
|
|
07-06-2009, 10:00 PM
|
#14 (permalink)
|
|
The Contributor
Join Date: May 2009
Location: LA, CA
Posts: 87
Thanks: 0
|
Ok, I already lost the one that I wrote. This is from php.net and it's almost just like it:
PHP Code:
header("Content-type: image/png");
$im = @imagecreate(110, 20)
or die("Cannot Initialize new GD image stream");
$background_color = imagecolorallocate($im, 0, 0, 0);
$text_color = imagecolorallocate($im, 233, 14, 91);
imagestring($im, 1, 5, 5, "A Simple Text String", $text_color);
imagepng($im);
imagedestroy($im);
What I did was just let it run in the open. And it gives me:
‰PNG IHDRnV,šPLTE[anfIDAT•c` `fx` 41ƒ‚€˜–’q@;{á0— œi
When I placed this on a separate php file picmaker.php, and used an image tag with the file for its src value it works.
HTML Code:
<img src='picmaker.php' alt='Image created by a PHP script'>
Went through the tutorial again... Sorry, I missed that part, it was there.
|